End-to-End Encryption: Apple Faces EFF Pressure Campaign
Digital privacy advocates are demanding Apple expand its end-to-end encryption protections beyond iMessage and select iCloud services. The Electronic Frontier Foundation launched its "Encrypt It Already" campaign this week, specifically calling on Apple to deliver promised RCS message encryption and grant users finer control over AI data access. While Apple already encrypts iMessage by default since 2011 and offers optional Advanced Data Protection for iCloud, the nonprofit argues critical gaps remain in how your messages and personal data travel across platforms.
Credit: Google
What the "Encrypt It Already" Campaign Demands
The campaign targets six major tech companies with straightforward requests: implement or expand true end-to-end encryption where it's missing, and give users transparent control over how their data gets processed. For Apple specifically, advocates want two concrete actions. First, deliver on the company's 2025 promise to bring end-to-end encrypted RCS messaging to iPhone users communicating with Android devices. Second, introduce per-app permissions for Apple Intelligence—letting users disable AI features inside specific applications rather than toggling the entire system on or off.
These aren't theoretical concerns. When you send an RCS message today from an iPhone to an Android phone, that communication lacks the same ironclad protection as an iMessage conversation between two Apple devices. Carriers and platform providers can potentially access message content, creating vulnerability that didn't exist in Apple's walled garden.
Apple's Encryption Track Record: Strong but Incomplete
To understand the pressure campaign, you need context on where Apple stands today. Since 2011, iMessage has featured end-to-end encryption by default—a pioneering move that set industry standards long before competitors followed suit. Your texts, photos, and attachments sent between Apple devices remain unreadable to anyone except sender and recipient, including Apple itself.
For cloud storage, Apple offers Advanced Data Protection—an optional setting that extends end-to-end encryption to 23 iCloud data categories including Photos, Notes, Voice Memos, and device backups. When enabled, even Apple cannot access your stored content without your device passcode. This represents the company's highest tier of consumer data protection available today.
Yet significant gaps persist. Standard iCloud accounts without Advanced Data Protection enabled store certain data categories with encryption keys Apple controls. More critically, cross-platform messaging remains a weak point. While Apple brought RCS support to iPhones with iOS 18, it launched without the end-to-end encryption specification included in the RCS Universal Profile 3.0 standard ratified in 2025.
iOS 26.3 Beta Hints at Coming RCS Encryption
There's reason to believe change is imminent. Code analysis of the iOS 26.3 beta reveals Apple actively building infrastructure for end-to-end encrypted RCS messaging using the Message Layer Security (MLS) protocol. These under-the-hood changes suggest Apple is preparing to flip the switch on encrypted Android-to-iPhone messaging—potentially within months rather than years.
The implementation appears designed with carrier flexibility in mind. Early evidence indicates Apple may allow mobile carriers to enable or disable the feature on their networks initially, though privacy advocates hope this becomes a user-controlled setting rather than carrier-dependent. This measured rollout approach mirrors how Apple gradually expanded iMessage capabilities over its first few years.
The AI Permission Problem Nobody's Talking About
Beyond messaging, the EFF highlights a newer privacy frontier: AI data handling. Apple Intelligence processes requests locally on-device when possible, but certain complex queries route through Apple's servers. Currently, users can only toggle Apple Intelligence globally—on for everything or off completely.
The campaign argues this all-or-nothing approach fails privacy-conscious users who want AI assistance in Maps or Photos but don't want their writing app or health journal analyzed by machine learning systems. Per-app AI permissions would let you decide where artificial intelligence enhances your experience versus where human-only privacy matters most. Google faces similar demands regarding its Gemini assistant.
Why Encryption Gaps Actually Matter to You
You might wonder why RCS encryption deserves attention when iMessage already protects your Apple-to-Apple conversations. Consider these everyday scenarios: coordinating with colleagues on Android phones, texting family members who prefer Google devices, or messaging small businesses that use Android-based systems. In each case, your supposedly private conversation lacks the protection you assume exists.
Without end-to-end encryption, RCS messages travel with transport-layer security—adequate against casual snooping but vulnerable to carrier breaches, government data requests, or platform-level access. A single compromised server could expose millions of supposedly private conversations. End-to-end encryption eliminates that risk by ensuring only your devices hold the keys.
The Law Enforcement Counterargument
Encryption debates inevitably surface the "going dark" concern—law enforcement agencies argue strong encryption hampers criminal investigations and child safety efforts. The UK government's 2025 attempt to mandate backdoors in encrypted services triggered Apple to withdraw Advanced Data Protection entirely from British users rather than compromise security.
Privacy experts counter that backdoors for "good guys" inevitably become vulnerabilities for bad actors. History shows weakened encryption standards get exploited by hackers, hostile nations, and corporate spies—not just the intended government agencies. The EFF campaign emphasizes that companies should implement strongest-available encryption while cooperating with lawful requests through existing legal channels like device seizures and warrants.
What You Can Do Today
While waiting for Apple's next software update, you can strengthen your current privacy posture immediately. First, enable Advanced Data Protection in Settings > [your name] > iCloud > Advanced Data Protection. This single toggle activates end-to-end encryption across your entire iCloud ecosystem.
Second, for sensitive cross-platform conversations, use Signal or WhatsApp—both offer end-to-end encrypted messaging regardless of recipient device. Third, provide direct feedback to Apple through their official feedback portal specifically requesting RCS encryption and per-app AI controls. Public pressure works; Apple's initial RCS implementation came after years of user demand.
The Road Ahead for Apple Encryption
Apple has historically responded to sustained privacy advocacy. The company added iMessage contact key verification after security researchers highlighted potential interception risks. It expanded Advanced Data Protection categories following user demand for broader coverage. The "Encrypt It Already" campaign represents the next logical pressure point.
With iOS 26.3 development already incorporating encrypted RCS infrastructure, Apple appears positioned to close its most visible encryption gap within 2026. Whether the company will also introduce granular AI permissions remains less certain—but as on-device processing capabilities grow, user demand for transparency will inevitably follow.
The fundamental question isn't whether encryption should exist. It's whether companies will extend their strongest protections universally rather than reserving them for walled-garden ecosystems. For millions of users texting across platform lines daily, that distinction determines whether their private conversations stay private—or become someone else's data point.
